back to article Grab those updates: Microsoft flings out fixes for already-exploited bugs

It's every Windows admin's favorite day of the month: Patch Tuesday. Microsoft emitted 59 patches for its September update batch, including two for bugs that have already been exploited. Five others are listed as critical. Let's start with the two currently under exploitation. First up: CVE-2023-36761, an information …

  1. Jou (Mxyzptlk) Silver badge

    NTLMv1 or NTLMv2 ?????

    Oh how I love those clear security articles and CVE entries. With a score of 6.2 I suspect NTLMv1, which has been known to be insecure for a long time. And we kick it our wherever we see it, especially on domain controllers. NTLMv1 uses unsalted hashes, which makes it so dangerous.

    But if NTLMv2 would be affected too this vulnerability this would be a completely different game, and it wouldn't be "only" a 6.2 score.

    I hope they will update the msrc article soon.

  2. Anonymous Coward
    Anonymous Coward

    Has the world changed?

    I remember installing a Windows update 30 years ago ... and didn't need to worry about anything for years afterwards, I did upgrade about three or four years later but only because I thought Windows 95 looked nice, and all my friends had been using it.

  3. Saime1993

    While NTLMv2 is generally considered more secure than NTLMv1, it's not immune to vulnerabilities. If this vulnerability were to affect NTLMv2, it would indeed be a more serious issue, as NTLMv2 is more widely used.

    1. Jou (Mxyzptlk) Silver badge

      Microsoft wants to get rid of ALL NTLM. Therefore the plan to do so will span more than ten years of transition.

      NTLMv1 will bis disabled by default soon. But that is not the topic of the Microsoft article, it is communicated in public insider channels.

  4. Saime1993

    https://forums.theregister.com/forum/1/2023/09/12/september_2023_patch_tuesday/?post_received=1

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like